Recently, technicians and
programmers for Diebold Election Systems, the company that
supplied every single voting machine for the surprising 2002
results in the state of Georgia, the company that is
preparing to convert the state of Maryland to its
no-paper-trail computerized voting, admitted to a
file-sharing system that amounts to a colossal security
flaw.

"Technology transfer for updates!" This is among
the benefits in the Diebold PowerPoint sales presentation
given to the State of Georgia. Easy updating -- too easy,
apparently.

The files on the Diebold FTP server are
sensitive. If you want to tamper with election results, you
either want to change the program or change the data file.
That is why the program files, which control how the votes
are tabulated, and the data files, which contain the actual
vote count, should not be available for swapping back and
forth like recipes on a cookbook site.

In "Black Box
Voting: Ballot-Tampering in the 21st Century," I am
examining the integrity of current electronic voting
systems, and in connection with this I installed a
Whistleblowers page at the Black Box Voting web site (
http://www.blackboxvoting.com/whistle.html). We've been
getting about four new reports a day, and some of them are
quite serious. Like this:

Diebold Election Systems, which
builds the AccuVote machines, both optical scan and
touch-screen, has been parking files on an unprotected
public Internet location. Thousands of files were available:
election files, hardware and software specifications,
program files, voting program patches.

The FTP button gave total access to
anonymous users, allowing anyone to download and apparently,
upload to the server. The FTP site contained no copyright
statement, asked for no user name, put locks on no
directories. Visitors from anywhere in the world could
simply walk in the front door. (Have a look at part of the
file directory:
http://www.blackboxvoting.com/WalkRightIn.html)

"Sometimes our customers use the FTP site to transfer their
own files," explains Guy Lancaster, whose web site,
http://www.guylancaster.com/guylancaster.html, says that
he developed and maintained the intranet web site for Global
Election Systems, now called Diebold Election Systems. "It
has been up quite some years. It started when it was
Global."

"People go there from counties, cities, sometimes
there is stuff there for state certification boards, federal
certification, a lot of test material gets passed around,"
Lancaster explains. Here is part of my interview with Guy
Lancaster on Feb. 4, 2003:

Harris: "Do you know if your
FTP site has ever had a security breach?" Lancaster: "I'm
trying to think, for a security breach, I think it got shut
down by someone…Recently someone shut it down." Harris:
"Would you know if someone came to your FTP, or replaced
files at your FTP?" Lancaster: "Well, we have recently just
discontinued what's considered anonymous access, so people
could before, yes, but now we use a different means…"
Harris: "It was available during the 2002 election?"
Lancaster: "I think so."

In fact, Diebold Election
Systems' FTP site was unprotected as recently as January 29,
2003. And, according to an e-mail that I obtained dated
October 3, 2000 written by Lancaster, (
http://www.mail-archive.com/cryptography-digest@senator-bedfellow.mit.edu/msg04030.html
) he expressed concern about lack of security
in this file-sharing method more than two years ago. Even
computer guys, apparently, don't always connect the wires:
Lancaster talked with colleagues about his company's
security issues using an open listserve forum that anyone
can read.

In this e-mail, Lancaster admits that his
company was allowing people to access a service over "an
untrusted network," the Internet. He pointed out that the
information could easily get redirected by a third party to
another server. Apparently in both Election 2000 and
Election 2002, Diebold / Global Election Systems had not
devised any way to make the file-sharing system secure.

I
wondered how easy it might be to download a file, alter it,
and upload it. Apparently that idea hadn't occurred to
Lancaster, who ran the site. "The site is just a means for
transferring stuff between people," he said. I called James
Rellinger, the independent contractor who built the Georgia
computer network for Diebold. "It's part of the interoffice
transfer of files as they are being worked on…That FTP
server is like a garage or workbench," said Rellinger.

The
AccuVote files, freely shared and sometimes snagged from the
FTP and e-mailed to election workers and technicians,
included hardware and software specifications, election
results files, the vote-counting program itself, and
"replacement files" for Diebold's GEMS vote-counting system
and for the Windows software underlying the system. In fact,
anyone with a modem could have hunkered over a computer to
download, upload or slightly change and overwrite the files
on Diebold's FTP site.

While not all of us use words like
"FTP" and "program patch" around the house, the high tech
community instantly understood the implications of this kind
of file swapping.

"The ability to install patches or new
software that wasn't certified has many risks, including the
introduction of new bugs and more opportunities for
tampering. It is even more risky if different patches can
be installed at the last minute in particular
jurisdictions," says David Dill, professor of computer
science at Stanford University.

"This opens the
possibility of customized tampering by people who know
exactly which races they want to affect, or bugs that are
even less likely to be caught because they only occur in a
small number of locations," says Dill. "Of course, even if
the certified code is frozen, it is easy to think of ways
that undetectable back-doors could be installed in the
software so that someone at the election site could choose
the winner of the election." Dill has put out an urgent call
for voting machine reform (
http://verify.stanford.edu/evote.html), recently
endorsed by 115 leading computer scientists. (Here's the
list:
http://verify.stanford.edu/dill/EVOTE/endorsements.html)

Some files at Diebold's FTP site had simple "zip"
passwords attached to them, but dozens had no protection at
all. And even the passwords, Lancaster admitted in his
October, 2000 e-mail, were easy to guess. "I can find no way
of authenticating a PIN without revealing enough information
to crack it," he says, adding that he was beginning to think
it was impossible to make the system secure.

Sources
familiar with the site voiced concerns about many of the
files. Unfortunately, I can't read a lick of code, but
apparently computer enthusiasts have been surreptitiously
downloading the Diebold files and examining them quietly.
When the "Black Box Voting" whistleblower page wentlive
recently, geek-reports began flowing.

One source who had
seen the hardware manual called in with a terse question:
"Why would we want a utility that can duplicate memory cards
in optical scan voting machines? Are the cards serialized?
Are they serialized internally? Is it hard-wired into the
card?" Apparently something he'd read in those FTP files had
gotten him all riled up about a memory card duplication
utility.

According to a source familiar with Windows
security issues, file names on the Diebold FTP site indicate
that some AccuVote software runs on the Windows 95/98
platform. "No one who is seriously concerned about security
would run an application on that platform," says David
Allen, an accredited Microsoft systems engineer. Even
Microsoft recommends using other platforms when security is
at issue.

Our attention was drawn to a curiously named
file named rob-georgia. Our first thought was that a Georgia
technician must be named Rob. I asked various Diebold
employees if anyone named Rob works at the company.
Lancaster thought there might be a salesman in California
with that name. A Diebold employee named Kerry Martin told
me that there was no technician in Georgia named Rob.

Another source pointed out that one of the names on the
Diebold FTP files, Kerry Martin, happens to be the same name
as the poll worker who did press interviews after the
flubbed Florida primary election in September 2002, when
ES&S machines (Diebold's main competitor) did not operate
properly.

So I spoke with Kerry Martin at Diebold's
McKinney, Texas site. He initially denied being a
technician, telling me he was in sales, but when I asked him
about the folders named "Kerry Martin" on the FTP site, he
admitted that he also does technical support. Martin said he
was in Norfolk Virginia, not Florida, last September, and I
have so far been unable to locate the poll worker named
Kerry Martin in Florida.

Some of the folders named "Kerry
Martin" have files in them that say things like "Replace
GEMS files with these." So I asked Martin about program
patches:

Harris: "Don't all the programs used in these
machines need to be certified? It seems that people are
uploading and downloading files at this FTP site and using
them in elections." Martin: "Certain hardware things and
certain software things, most of them, you only are allowed
to use the certified version." Harris: "Why, then, would you
have files that say 'replace the files with these?'" Martin:
"Replace all the files with these -- normally that could be
a Windows thing." Harris: "…you guys have a file on your FTP
that says "Replace the GEMS files with these." Martin:
"Replace the GEMS files … I don't know what that would
be."

Well, GEMS is the main program. It stands for Global
Election Management Systems, and it contains the
vote-counting program itself. I called Bob Urosevich, CEO
of Diebold Election Systems (also founder of ES&S, a
competing voting machine company). After my third call to
ask for his comments, his assistant said Urosevich had the
message. "If he wants to talk to you, he'll call you," she
said. Apparently Urosevich had nothing to say about the
election security glitch.

Tech-savvy citizens, however,
have a lot to say about the risks of an open FTP site, and
the files it contains.

One thing is certain: No matter
what our political affiliation, no matter which issues we
support, we are unanimous on the fact that voting must be at
the heart of a democratic system. And to achieve that, our
vote-counting program must be trustworthy.

While most people agree that increased sugar consumption is a major cause of too many New Zealanders being overweight and obese, what we should do about this remains a matter of debate and argument. More>>

Safe to say that no-one, but no-one has had a better 2016 than Vladimir Putin. What an annus mirabilis it has been for him. Somehow, Russia got away with directly interfering in the US election process, such that a friendly oligarch is about to take up residence in the White House, rather than a genuine rival. More>>

ALSO:

We all supposedly agree that the media is going to hell in a tabloid handbasket, but the trends to the contrary can be a bit harder to spot. In his 1970s book The Right Stuff, Tom Wolfe had mocked the way the media instinctively acts as what he called The Victorian Gentleman. More>>

Fake news as reality; the inability to navigate the waters in which it swims; a weakness in succumbing to material best treated with a huge pinch of salt. That, we are told, is the new condition of the global information environment. More>>

Post-natal depression is a sly and cruel illness, described by one expert as ‘the thief that steals motherhood’, it creeps up on its victims, hiding behind the stress and exhaustion of being a new parent, catching many women unaware and unprepared. More>>

Here’s a somewhat scary headline from October 30 on Nate Silver’s 538 site, which summed up the statistical factors in play at that point: “The Cubs Have A Smaller Chance Of Winning Than Trump Does” More>>